Wednesday, October 27, 2010

In PowerShell, you can get a wealth of information from the Get-Help cmdlet. For example, if you type Get-Help Get-Command, you receive basic help information for the cmdlet Get-Command. For detailed information, type Get-Help Get-Command -Full.

The first section of this expanded help file is the basic information for the cmdlet. It includes the syntax, a description, and in some cases, related commands. The next section lists the parameters and the third gives examples. We will focus on the parameters section.

Below is the parameter Name from Get-Command.

-Name

Gets information only about the cmdlets or command elements with the specified name. represents all or part of the name of the cmdlet or command element. Wildcards are permitted.

To list commands with the same name in execution order, type the command name without wildcard characters. For more information, see the Notes section.

Required? false

Position? 1

Default value

Accept pipeline input? true (ByValue, ByPropertyName)

Accept wildcard characters? false

The Position value tells you if there is a specific order in which this parameter needs to be listed. In this case, it should be the first parameter for this cmdlet. Others that say Named can be placed anywhere after any required parameters.
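The same Position, Required and pipeline details can be read from the command metadata instead of the help text. This is an added example, not code from the original post; Get-ParameterPosition is a hypothetical helper name, and it is written to run on PowerShell 2.0 and later.

```powershell
# Added example (not from the original post).
# Get-ParameterPosition is a hypothetical helper for cmdlets and functions.
function Get-ParameterPosition {
    param(
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$CommandName
    )

    $command = Get-Command -Name $CommandName -ErrorAction Stop

    foreach ($set in $command.ParameterSets) {
        foreach ($p in $set.Parameters) {
            # Named parameters carry Int32.MinValue as their position.
            # Positional values in the metadata are zero-based.
            if ($p.Position -lt 0) { $position = 'Named' } else { $position = $p.Position }

            New-Object PSObject -Property @{
                ParameterSet   = $set.Name
                Name           = $p.Name
                Position       = $position
                Required       = $p.IsMandatory
                ByValue        = $p.ValueFromPipeline
                ByPropertyName = $p.ValueFromPipelineByPropertyName
            }
        }
    }
}

# Show only the positional parameters of Get-Command, per parameter set.
Get-ParameterPosition Get-Command |
    Where-Object { $_.Position -is [int] } |
    Sort-Object ParameterSet, Position |
    Format-Table ParameterSet, Name, Position, Required, ByValue, ByPropertyName -AutoSize
```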

Wednesday, October 20, 2010

Network Access Protection is another tool in your arsenal to protect your networks. With it, you have the ability to make sure your defenses are on, stay on, and are up to date. NAP also provides you the tools to help make remediation of any problems automatic.

Your clients need to have several configuration changes made to them in order to respond to NAP. They are:

- Security Center must be turned on.

- The NAP Service must be running.

- The proper NAP Enforcement Client must be enabled.

You can achieve this using group policy. Just make sure this GPO is applied to all your clients.
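To confirm on a client that the GPO actually took effect, the three requirements can be checked from Windows PowerShell. This is an added example, not from the original post; Test-NapClientReadiness is a hypothetical helper, and the service check for Security Center and the layout of the English netsh output are assumptions noted in the comments.

```powershell
# Added example, not from the original post. Test-NapClientReadiness is a
# hypothetical helper name. Run it on the client in Windows PowerShell.
function Test-NapClientReadiness {
    $results = @()

    # Assumption: "Security Center turned on" is checked via its service (wscsvc);
    # napagent is the Network Access Protection Agent service.
    foreach ($name in 'wscsvc', 'napagent') {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        $detail = 'service not found'
        if ($svc) { $detail = "$($svc.State), start mode $($svc.StartMode)" }
        $results += New-Object PSObject -Property @{
            Check  = "Service $name"
            Ok     = ($svc -and $svc.State -eq 'Running')
            Detail = $detail
        }
    }

    # Assumption: English netsh output where each enforcement client is listed
    # under "Enforcement client state" with "Name = ..." and "Initialized = ..." lines.
    $inSection = $false
    $ecName = $null
    foreach ($line in (netsh nap client show state)) {
        if ($line -match '^\s*Enforcement client state') { $inSection = $true; continue }
        if ($line -match '^\s*System health agent')      { $inSection = $false }
        if (-not $inSection) { continue }

        if ($line -match '^\s*Name\s*=\s*(.+)$') {
            $ecName = $matches[1].Trim()
        }
        elseif ($ecName -and $line -match '^\s*Initialized\s*=\s*(\S+)') {
            $results += New-Object PSObject -Property @{
                Check  = "Enforcement client: $ecName"
                Ok     = ($matches[1] -eq 'Yes')
                Detail = "Initialized = $($matches[1])"
            }
            $ecName = $null
        }
    }
    $results | Select-Object Check, Ok, Detail
}

Test-NapClientReadiness | Format-Table -AutoSize
```

Only the enforcement client that matches your enforcement method needs to show as initialized; the others are expected to report No.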

Friday, October 15, 2010

This guide is intended to help network administrators deploy IPv6 using a DHCPv6 server in Windows Server 2008 R2.

This lab procedure is being produced on a Windows Server 2008 R2 Hyper-V server running two virtual machines. One is a Windows 2008 R2 server and the second is a Windows 7 Professional client. The server is a domain controller with DHCP service installed and the client is a member of the domain.

The DHCP server needs to be set up for IPv6 Stateful configuration.

Open Server Manager

Click Roles

Click Add Roles

Click Next

Check DHCP Server and click Next

Click Next

In the Select Network Connection Bindings window, select the network adapters that you would like to use for DHCP and then click Next.

In the Specify IPv4 DNS Server Settings, enter the correct information for your network and click Next

In the Specify IPv4 WINS Server Settings, give the information appropriate for your environment and click Next

In the Add or Edit DHCP Scopes window, click Next

In the Configure DHCPv6 Stateless Mode window, select Disable DHCPv6 Stateless mode for this server and click Next

In the Authorize DHCP Server window, click Next

Click Install

Click Close when the installation completes.

Set the static IP address of the domain controller to FC00:0:0:1:: and the DNS server to FC00:0:0:1::. For the sake of this exercise, set the Default gateway to FC00:0:0:2::

Let’s start off by configuring the DHCP server to issue IPv6 addresses.

Click Start / Administrative Tools / DHCP.

Expand your network and then expand IPv6.

Right click IPv6 and then click New Scope

Click Next

Give this scope a distinctive name and a description.

Click Next.

In the Scope Prefix window, give the prefix of FC00:0:0:1:: and click Next

In the Add Exclusions window, provide an Exclusion range so you can set your static devices with IPv6 addresses that will not be issued by this DHCP server.

Start IPv6 Address: 0:0:0:1

End IPv6 Address: 0:0:0:2

Click Add and then Next

On the Scope Lease window, click Next

On the Completing the New Scope Wizard window, Select Activate Scope Now and then click Finish

The next step is to configure our Windows 7 client to receive IPv6 addresses from a DHCPv6 server.
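Once clients start receiving leases, each address can be checked against the scope prefix and exclusion range entered in the wizard. This is an added example, not from the original post; Test-Dhcpv6Lease and Get-AddressHalf are hypothetical helper names, the scope is assumed to be a /64, and the sample addresses are constructed.

```powershell
# Added example (not from the original post). Helper names are hypothetical.
# Defaults are the scope prefix and exclusion range used in the steps above.
function Get-AddressHalf([string]$Address, [int]$Offset) {
    # Returns 8 bytes of the address as fixed-width hex, which compares correctly as text.
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [BitConverter]::ToString($bytes, $Offset, 8)
}

function Test-Dhcpv6Lease {
    param(
        [Parameter(Mandatory = $true)][string]$Address,
        [string]$ScopePrefix    = 'FC00:0:0:1::',
        [string]$ExclusionStart = '0:0:0:1',
        [string]$ExclusionEnd   = '0:0:0:2'
    )

    # Assumption: /64 scope, so the first 8 bytes must equal the prefix.
    $inScope = (Get-AddressHalf $Address 0) -eq (Get-AddressHalf $ScopePrefix 0)

    # The exclusion range is given as interface IDs (the last 64 bits).
    $id    = Get-AddressHalf $Address 8
    $start = Get-AddressHalf "::$ExclusionStart" 8
    $end   = Get-AddressHalf "::$ExclusionEnd" 8
    $excluded = $inScope -and
        ([string]::CompareOrdinal($id, $start) -ge 0) -and
        ([string]::CompareOrdinal($id, $end) -le 0)

    New-Object PSObject -Property @{
        Address  = $Address
        InScope  = $inScope
        Excluded = $excluded
    }
}

# Constructed sample addresses: the server's static address, an excluded
# address, a plausible lease, and an address from a different prefix.
'FC00:0:0:1::', 'FC00:0:0:1::1', 'FC00:0:0:1:a5c3:11ff:fe02:9b10', 'FC00:0:0:2::10' |
    ForEach-Object { Test-Dhcpv6Lease -Address $_ } |
    Format-Table Address, InScope, Excluded -AutoSize
```

An address that is in scope and excluded should never appear as a lease. Note that the static address FC00:0:0:1:: has an interface ID of 0 and so sits outside the 0:0:0:1 to 0:0:0:2 exclusion range.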

Wednesday, October 13, 2010

I thought that it is time to start using my CompTIA certifications so I am now offering Network+ classes to all my clients. I am utilizing the Element K text for these classes. Please let me know if you are interested.

For security, Web SSO requires remote applications to be signed using a certificate from a trusted issuer.

Access to personal virtual desktops by using RD Connection Broker

Users can access personal virtual desktops when they use the new Remote Desktop Virtualization Host in Windows Server 2008 R2. Personal desktops are assigned to users on a one-to-one basis and maintain state over time.

Access to virtual desktop pools by using RD Connection Broker

Users can access virtual desktop pools when they use the new Remote Desktop Virtualization Host in Windows Server 2008 R2. Pooled desktops are shared between multiple users, and all changes a user makes are typically rolled back when the user logs off.

Status & disconnect system tray icon

A single system tray icon enables users to see all of their remote connections. The user can disconnect all or individual connections that use this icon. The icon appears only when opening RDP connections which are associated with a RemoteApp and Desktop Connection feed.

RD Gateway-based device redirection enforcement

In Windows Server 2008, it was possible for non-Microsoft Remote Desktop clients to override the gateway device redirection controls. In Windows Server 2008 R2, device redirection settings are defined in RD Gateway and can be configured not to be overridden.

RD Gateway system and logon messages

System and logon messages can be added to RD Gateway and displayed to the remote desktop user. System messages can be used to inform users of server maintenance issues such as shutdowns and restarts. Logon messages can be used to display a logon notice to users before they gain access to remote resources.

RD Gateway background authorization & authentication

Background authentication and authorization requests are performed after a configured session timeout is reached. Sessions for users whose property information has not changed are not affected, and authentication and authorization requests are sent in the background.

RD Gateway idle & session time-outs

Configurable idle and session time-outs with RD Gateway provide better control of users who connect through RD Gateway. An idle time-out lets the user reclaim resources that are used by inactive user sessions without affecting the user's session or data. This helps free up resources on the RD Gateway server.

NAP remediation with RD Gateway

NAP remediation allows you to manage remote clients by updating them with the latest software updates and settings. This helps keep remote clients in compliance with network security policies.

Windows Media Player redirection

Windows Media Player Redirection enables content hosted in Windows Media Player to be redirected to the client for decoding on users’ computers. This improves the quality of the video and makes sure that video and audio are always in sync. This works for both full Windows Media Player and Windows Media Player controls hosted in Web pages.

Bidirectional audio

You can redirect audio recording devices such as microphones on the client computer. This is ideal for applications such as Windows 7 voice recognition, and applications that record audio.

Multiple monitor support

In Windows Vista and in Windows Server 2008, Terminal Services supported only monitor spanning. Remote Desktop Services now includes multiple monitor support for up to 16 monitors, and works for both Remote Desktop and RemoteApp programs.

Note: For connections with multiple monitor support enabled, AeroGlass support is currently not supported and will be turned off.

Enhanced video playback

Bitmap acceleration improves the remote display of graphics-intensive applications such as PowerPoint, Flash, and Silverlight.

The download link for each version is at the bottom. As always, make sure you test before deploying to your clients.

Wednesday, October 6, 2010

The simple truth is not all applications will be compatible with Windows 7. Since Windows Vista, parts of the OS and registry are no longer accessible to applications to modify. There are several methods to mitigate application compatibility issues. One of them is with Windows XP Mode for Windows 7. You must be running Windows 7 Professional, Business, or Ultimate editions to be able to utilize Windows XP Mode. You will also need to install Virtual PC on Windows 7. Below are the links to download your copy of Windows XP Mode and the installation instructions.

Once you have Windows XP Mode installed, install your application in XP Mode and give it a try.

Monday, October 4, 2010

The answer to this question depends on the operating system of your forest.

- Windows 2000: 800 domains

- Windows 2003/2008: 1200 domains

These are Microsoft’s recommendations.

Another interesting note is that your domain controllers can only create 2,147,483,393 objects before they can no longer create any more new objects. I think it is safe to say that most organizations will not hit this limit in a domain controller's lifetime.

Friday, October 1, 2010

In PowerShell V1, I was a bit disappointed with the lack of Active Directory support built into PowerShell. With V2 and the RSAT (Remote Server Administration Tools), you have much greater management capability of your AD environment with PowerShell.

The first step is to get your PowerShell configured for AD. On a Windows Server 2008 R2 domain controller, this is easy. Just click Start / Windows PowerShell Modules. That will bring up a PowerShell console with all the new goodies loaded up. Now, what about the ISE?

To load the AD Modules up in the ISE, I have a small script that I use. I just run it and I'm ready to go. You can also include this as a function in your own scripts to avoid having to run a supporting script.
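One way such a loader function can look, as an added example that is not the author's script. Import-ADModule is a hypothetical name; the function assumes the ActiveDirectory module that ships with RSAT and with Windows Server 2008 R2 domain controllers.

```powershell
# Added example (not the author's script). Import-ADModule is a hypothetical name.
function Import-ADModule {
    # Already loaded in this console or ISE session: nothing to do.
    if (Get-Module -Name ActiveDirectory) { return $true }

    # Not installed on this machine: report it instead of failing later
    # with "command not found" errors in the calling script.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        Write-Warning 'The ActiveDirectory module is not installed on this computer.'
        return $false
    }

    try {
        Import-Module -Name ActiveDirectory -ErrorAction Stop
        return $true
    }
    catch {
        Write-Warning "The ActiveDirectory module failed to load: $_"
        return $false
    }
}

# Use it at the top of a script, or run it once in the ISE.
if (Import-ADModule) {
    $count = @(Get-Command -Module ActiveDirectory).Count
    Write-Host "ActiveDirectory module loaded, $count commands available."
}
```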